Nice to meet you.

Enter your email to receive our weekly G2 Tea newsletter with the hottest marketing news, trends, and expert opinions.

127 Data Breach Statistics that Deliver Cybersecurity Insights

October 11, 2023

data breach statistics

A data breach occurs when unauthorized individuals gain access to confidential data. Typically, these breaches expose sensitive information ranging from personal details to financial records. Motives vary. Some hackers aim for financial gain, while others might seek a competitive edge or simply want to create chaos. 

For businesses, the stakes are even higher. Immediate costs, like addressing the breach and paying legal fees, can mount rapidly. More damaging, though, is the blow to reputation. 

As data breaches continue to make headlines, companies have started using data breach notification software to document and report attacks to authorities. Discover the leading causes of data breaches and their impact through the statistics below. 

Top data breach statistics

Data breaches cause reputational damage and pile on financial losses in fines. These statistics explore the recent trends in the industry.

  • 83% of organizations faced more than one data breach in 2022.
  • There’s a steep rise in the global cost of cybercrime. It’s set to hit $10.5 trillion by 2025, growing at a rate of 15% every year.
  • The average cost of losing a data record is $150.
  • In 2023, enduring a data breach cost organizations a global average of $4.45 million, showcasing a significant rise of 15% over the past three years.
  • During the COVID-19 pandemic, March 2020 witnessed a massive surge in cyber scams, spiking by 400%.
  • 1/3 of retail, finance, or healthcare customers stop doing business with those hit by a data breach. 85% of them talk about the incident in their circles. 33.5% don’t hesitate to air their grievances on social platforms. 
  • 91% of customers explore competitors’ products and services after one poor experience. 
  • Clearview AI had over 3 billion photos and its client list stolen in February 2020.

98%

of data breaches at point-of-sale systems in the hospitality sector happened for financial gain in 2021.

Source: Verizon

  • Due to a flaw in its open-source library, OpenAI's ChatGPT revealed sensitive data, including payment details in 2023, of 1.2% of its ChatGPT Plus subscribers.
  • Organizations employing security artificial intelligence (AI) and automation save an impressive average of $1.76 million compared to those without.

Data breach prevention statistics

Prevention is better than cure. Avoiding breaches as much as possible is the main goal. At the heart of it all, being proactive is the key. You can protect valuable data from falling into the wrong hands through consistent efforts and simple steps. The statistics below convey what’s trending in data breach prevention. 

  • 3 of 5 chief information security officers (CISO) saw their cybersecurity budgets increase despite the economic slowdown in 2023. 
  • Organizations spent over $150 billion on cybersecurity in 2021.
  • 63% of companies already use a biometric system in 2023 or plan to install one soon.
  • Business email compromises had the second-longest mean detection and containment time at 308 days.
  • 51% of organizations are gearing up to enhance security measures in response to breaches in 2023. This rise includes stepping up on incident response plans, training employees better, and investing in tools that detect and respond to threats efficiently.

65%

of organizations plan to pump more money into cybersecurity in 2023.

Source: CSO Online

  • While 73% of organizations have an incident response (IR) plan, only 63% test it regularly.
  • Companies utilizing security artificial intelligence identified and controlled data breaches 74 days faster on average than those without it.
  • Investment in hardware-based security services dipped from 20% in 2015 to 17%, primarily because of their limited functionality in virtual setups.
  • 38% of organizations spent over 20% of their IT budget on security in 2023.

Data breach insurance statistics

Two types of data breach insurance are available: first- and third-party. First-party data breach insurance is the immediate help you receive when you face a data breach. It covers many important areas like investigation, notification, and communication with affected parties. Third-party data breach insurance is like having a safety net. It encompasses legal fees, settlements, and other court expenses. The statistics below explore data breach insurance trends in detail. 

  • Looking ahead to 2025, cyber insurance premiums are set to reach an impressive $20 billion.
  • A majority of losses in data breach insurance claims, 71%, get coverage under cyber policies, with the insurer going in for 44% and the insured handling 27%.
  • Between 2013 and 2019, 73% of cyber insurance claims were due to data breaches and crisis management.

75%

of organizations worldwide have taken the step of buying cyber liability insurance.

Source: Actuary

  • The main costs in a data breach insurance claim include forensics (21%), legal advice (13%), and credit monitoring services (14%).
  • 27% of data breach insurance claims have exclusion terms leading to no or partial payout.
  • Manufacturing firms topped the chart at a 22% incident rate when facing cyber insurance claims because of malicious data breaches.
  • For businesses in the retail and wholesale sector, the primary triggers for filing insurance claims were targeted data breaches, constituting 30%, and unintentional data breaches at 8%.
  • In the recent past, nearly two-thirds of big companies in the US, amounting to 64%, opted for cyber insurance to transfer risk.
  • In the IT and communications sectors, the leading causes for insurance claims were malicious (24%) and accidental data breaches (18%).

General data breach statistics

Companies big and small fall victim to data breaches. Sometimes, it's due to weak security measures. Other times, it’s because of crafty hacking techniques. Either way, the impact is massive. Consumers lose trust in companies, and their personal and financial security becomes compromised. Explore the statistics below to observe patterns and trends in modern data breaches.

  • The year 2022 witnessed a 13% increase in ransomware attacks, signaling a growing threat.
  • In 2021, 57% of data breaches led to identity theft involving unauthorized financial transactions and other scams using personal data.
  • Remote work during the pandemic heightened data breach risks. 43% of remote employees made errors that exposed sensitive data to threats.
  • 48% of malicious email attachments are Microsoft Office files.
  • 58% of companies discovered over a thousand folders with inconsistent permission settings in 2019, showcasing a gap in data management practices.
  • It took an average of 295 days to identify and control breaches stemming from phishing in 2022, making it the third longest process in the cybersecurity sector.
  • Phishing is responsible for more than 22% of data breaches. 
  • 79% of organizations overseeing critical infrastructure have yet to implement a zero-trust architecture, leaving them vulnerable to cyber-attacks.
  • 45% of data breaches involve cloud-based systems.

60%

of organizations raised their prices following data breach experiences.

Source: Halock

  • Hospitals are a primary target for significant data breaches, with 30% of all incidents occurring in healthcare facilities.
  • From March 2021 to February 2022, data breaches exposed at least 42 million individual records.
  • In the first half of 2022, the U.S. reported around 817 data breaches.
  • Phishing attacks in 2021 marked one of the most expensive years in the last 17 years due to data breaches.
  • 77% of firms are ill-prepared to handle an attack or data breach competently.
  • 69% of companies encountered data breaches due to uneven cloud security settings.
  • 36% of all data breaches had connections to phishing in 2022.
  • In 2021, the most common cause of data breaches was compromised credentials, occurring in 20% of cases.
  • Detection and containment time were reduced by ten days or 3.5%, declining from 287 days in 2021 to 277 days in 2022.
  • Negligent employees are the source of 61% of data breach threats in healthcare.
  • In regulated industries like healthcare and finance, 24% of data breach costs accrued more than two years after the breach in 2022. 
  • 38% of organizations feel their security teams are sufficiently staffed.
  • Myspace experienced a massive breach in 2013 that affected nearly 360 million accounts.
  • The US saw about 6,550 data breaches from 2013 to 2017, considerably more than the UK's 570.
  • Healthcare remained the most targeted sector, facing over 2,248 breaches between 2013 and 2016.

Data breach cost statistics

The cost of a data breach varies, but it's always expensive. When unauthorized access occurs, companies face immediate financial hits. They might need experts to fix the breach or to address legal issues. There's also the price of notifying affected individuals, which is often mandated by law. 

But direct costs are just the tip of the iceberg. Reputational damage packs a punch. Customers lose trust, and rebuilding that confidence takes time and money. Some customers may never return, leading to lost revenue. The statistics below throw light on the costs associated with data breaches.

  • In 2022, the typical data breach cost stood at $4.35 million globally. It was as high as $9.44 million in the US.
  • Companies dealing with the aftermath of data breaches find themselves paying around 13.5% more in audit fees than firms untouched by breaches.
  • Over the last five years, there's been a 12% rise in the global average data breach cost.
  • Companies that don’t comply with the general data protection regulation (GDPR) face severe penalties, with fines reaching up to 4% of their global yearly turnover.
  • Network downtime costs average $5,600 a minute or about $300,000 an hour.
  • Data breaches lasting over 200 days can rack up an average of $4.87 million.
  • The US saw the steepest data breach costs in 2021, averaging $9.05 million. 
  • Business email compromises come with a hefty tag of $24,439 per incident. 
  • The average business loss due to a data breach amounted to $1.42 million in 2019, making up 36% of the total average costs.
  • While not as pricey as malicious attacks, system glitches and human errors still average $3.24 million and $3.5 million, respectively.

3.9%

of customers churn after a data breach.

Source: N-Able

  • In cases where a third party triggers the breach, the costs climb by over $370,000, bringing the total average to $4.29 million.
  • Malware data breaches are the priciest at $2.6 million, followed closely by web-based and denial-of-service (DoS) attacks.
  • Adopting encryption, threat intelligence sharing, and DevSecOps can substantially reduce data breach costs. Encryption proves to be the most effective, lowering costs by an average of $360,000.
  • Companies that rigorously test their incident response plans face lower breach costs, saving an average of $1.23 million compared to unprepared firms.

Statistics surrounding the impact of data breaches on organizations

Data breaches deliver a heavy blow to organizations. They immediately disrupt operations and demand hefty resources to address the breach. Competitors have a chance to seize the moment, lure away clients and tarnish the affected organization's name. Read on about the impact of data breaches on organizations through a statistical POV.

  • After facing a data breach, companies listed on the stock market have seen their share values drop by an average of 7.5%. Worryingly, regaining the lost value took many of them 46 days, with some failing to recover entirely.
  • Companies grappling with a monumental data breach tend to fall behind NASDAQ's performance by 8.6% in the first year. The performance gap can reach 11.9% as they hit the two-year mark.

57%

of companies lack a cybersecurity policy. The absences is even more pronounced in medium-sized firms between 250 and 549 employees, where 71% admitted to not having one.

Source: Kaspersky

  • The Australian authorities directed Clearview to halt all its operations in the country after a data breach in 2021.
  • 60% of companies with remote workers experience higher data breach costs than their counterparts without remote workers.
  • Organizations with sizable data breaches are less prone to face another breach in the subsequent two years.

Biggest data breaches of all time

Some data breaches have been so big they've left a lasting mark on the digital landscape. The Yahoo breach stands out. In 2013-2014, hackers accessed data from all of Yahoo’s 3 billion users, making it the largest in history. Discover other significant breaches through the statistics below. 

  • Okta faced a steep loss, with a decrease of $6 billion in its market cap, following a security breach with one of its third-party suppliers.
  • AT&T incurred a fine of $25 million from the Federal Communications Commission (FCC) in 2015 due to a breach that revealed information from thousands of user accounts.
  • In a shocking revelation in early 2018, the Aadhaar database was hacked, exposing the personal and biometric details of over 1.1 billion Indian citizens.
  • A massive cyberattack on Microsoft Exchange email servers in the US affected over 30,000 businesses. The hackers’ expertise exploited four distinct zero-day vulnerabilities.
  • The AdultFriendFinder network experienced a security breach in 2016, compromising the private data of 412 million users.
  • A significant online leak happened in 2017 when Deep Root Analytics accidentally leaked nearly 200 million voter details online.
  • In 2013, Target acknowledged a data breach of 70 million compromised records.
  • Poor data security measures led First American Financial Corporation to leak substantial data in 2019. This attack emphasized the danger of inadequate website design and security protocols.
  • Facebook has faced several data leaks, with one of the most notable ones exposing over 530 million users' details in April 2021.

700 million 

LinkedIn users’ data was being scraped and posted online in 2021. It was a massive violation involving over 93% of its total user base.

Source: UpGuard

  • In a severe breach, Marriott International acknowledged there had been unauthorized access to its Starwood reservation database since 2014, affecting around 500 million guests.
  • In 2019, a former AWS employee, Paige Thompson, hacked Capital One and accessed over 100 million customer records and credit card applications from 2005.
  • Plex urged nearly 30 million users to reset their passwords in August 2022 following a breach that exploited an unpatched vulnerability. It compromised user data, including emails and encrypted passwords.
  • Various major companies face fines for data mishandling. Uber, $148 million in 2018 for not disclosing a previous breach, and Google, $170 million in 2019 for child data privacy violations, are just two examples.

Data breach statistics by industry

Take a look at the statistics below to understand how data breaches affect different industries.

Healthcare

Data breaches hit the healthcare industry hard. When patient information gets exposed, it's not just names or addresses; it's often detailed medical records and insurance information. Breaches like these erode patient trust. 

  • In 2021, the healthcare sector faced enormous financial losses of over $7.8 billion due to downtime from ransomware attacks.

5,882

U.S. hospitals showed a notable reduction in data breaches by deeply integrating IT security into their systems and operations

Source: HBR

  • The healthcare industry topped the list for experiencing the most data breaches, with a concerning rate of 39%.
  • Post-data breach, hospitals ramp up their advertising spending by 64%.
  • Broward Health in Florida announced a breach affecting 1.35 million people on January 2, 2022.
  • Shields Healthcare reported the most substantial data breach of 2022, affecting over 2 million individuals.
  • There’s a sharp rise in healthcare’s average total cost due to data breaches, escalating from $7.13 million in 2020 to $9.23 million in 2021.
  • In June 2022, Texas Tech University Health Sciences Center reported a hacking incident affecting over 129 million individuals.
  • 90% of healthcare institutions faced at least one data breach in 2020.

93%

of healthcare organizations underwent a data breach in the past three years, with 57% experiencing over five violations.

Source: Herjavec Group

  • Large hospitals are hotspots for data breaches, with 30% of all significant incidents that leak patients' private information.
  • In 2020, targeted data breaches in the healthcare sector surged by 58%, and breach costs remained the highest for the 12th consecutive year, with a 42% increase. 
  • There was an 80% rise from 2017 to 2019 in the number of individuals affected by health data breaches.

Finance

Data breaches in the finance sector shake the foundation of trust that institutions rely upon. The implications are vast when banks, credit agencies, or investment firms are compromised. 

  • In the healthcare and financial realms, data breach lifecycles last notably long, 329 and 233 days, respectively.
  • Cybercriminals can accumulate $2.2 million by formjacking attacks, which involve stealing ten credit cards from each website they target.

64%

of financial service firms faced security lapses when over 1,000 sensitive files were easily accessible to all employees.

Source: Varonis

  • 59% of financial services companies had over 500 never-expiring passwords, and nearly 40% were home to over 10,000 dormant "ghost" users.
  • Data breaches wreaked havoc in the insurance sector. 39% stemmed from malicious intent and 35% were found to be accidental. The breach caused a significant surge in loss and claims.
  • Financial organizations shelled out $5.97 million due to attacks, placing them as the industry with the second-highest data breach expenses.
  • Between 2021 and 2022, the financial industry witnessed a rise in data breach-related costs from $5.72 million to $5.97 million, marking a 4.4% uptick.
  • In 2018, the financial sector underwent 137 data breaches, exposing a concerning number of accounts – 1.7 million.

Small and medium-sized enterprises

Data breaches in small and medium-sized enterprises (SMEs) often fly under the radar, but their impact is profound. SMEs might think they're less of a target than big corporations, but the opposite is true. Hackers see them as low-hanging fruit, often because they lack the strong security measures that larger entities do.

  • Small enterprises were involved in 28% of data breach incidents in 2022, highlighting a significant vulnerability.
  • 60% of small and medium-sized businesses (SMBs) shut down within half a year following a cyber-attack.

Causes of a data breach: a statistical overview

Data breaches occur for various reasons, some more apparent than others. Often, hackers exploit weak or outdated security systems, so making regular updates is crucial. Simple human error plays a significant role, too. 

  • Distributed denial-of-service (DDoS) attacks have become prominent, with the average attack reaching over 26 gigabytes per second (Gbps), a 500% increase. Moreover, in the early months of 2020, these attacks spiked by 278% compared to the same period in 2019.
  • Identity theft accounted for 59% of all global data breaches, making it the most common type of incident.
  • Insider threats were responsible for 58% of data breaches in 2022.

80%

of hacking-related breaches occur using brute force tactics or lost or stolen credentials.

Source: Verizon

  • Nearly one-fifth of all data breaches in 2022 happened because business partners compromised security.
  • 4,800 websites are affected by formjacking code every month.
  • In 2022, compromised credentials led to 19% of data breaches and cost an average of $4.5 million.
  • Financial gain drives a vast majority (71%) of breaches.
  • Ransomware features in almost one-quarter (24%) of incidents involving malware.
  • In 2016, 95% of the records breached belonged to the government, retail, and technology sectors.
  • Organized crime groups were behind 36% of external data breaches in 2019.
  • 23% of data breaches come down to human errors.
  • In 17% of cases, hackers utilized phishing emails to infiltrate organizations last year, showcasing a prevalent vulnerability.

Prevention is always better

Companies must prioritize comprehensive security measures, and individuals should remain vigilant when it comes to protecting their personal information. While technology offers convenience, it also presents risks, making cybersecurity a shared responsibility for everyone.

Learn more about what you can do if you have a data breach.


Get this exclusive AI content editing guide.

By downloading this guide, you are also subscribing to the weekly G2 Tea newsletter to receive marketing news and trends. You can learn more about G2's privacy policy here.